Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

andy1307 writes "According to this article in the New York Times, 'In what appears to be a coordinated assault, the e-mail accounts of at least a dozen rights activists, academics and journalists who cover China have been compromised by unknown intruders. The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address. ... The victims of the most recent intrusions included a law professor in the United States, an analyst who writes about China's security apparatus and several print journalists based in Beijing and Taipei, the capital of Taiwan."

Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?

I'm sure that they know and they do. But wiretapping at the ISP level doesn't help if their victims use HTTPS or SSL IMAP/POP like pretty much all Gmail (and Yahoo?) users do. Real Americans(TM) subpoena Google or Yahoo records directly over their convenient law-enforcement interfaces -- China can't do that...

The real bug is Mozilla doesn't _help_ you realize and figure out that a cert has been changed for no good reason.

Yes the way to do it won't work 100% for the average person. But the average person will get pwned anyway.

So in this case, Mozilla should help the ones who care about security - warning people that the server cert has been changed rather early, or worse the CA has changed, or even worse the CA has changed AND the new CA is in a different country.

https is very easy to MITM if you can inject bogus signed certificates.

Ah yes. The Myth in the Middle. That great urban legend of cryptography.

Out of curiosity, could someone actually provide a concrete example of a MITM attack ever being successfully carried out? Bonus points for anyone who can further provide reasons for why this means Firefox no longer likes self signed certs.

Out of curiosity, could someone actually provide a concrete example of a MITM attack ever being successfully carried out? Bonus points for anyone who can further provide reasons for why this means Firefox no longer likes self signed certs.

Well, there's SSLSniff [thoughtcrime.org] that was used to demonstrate faking Paypal certificates (via NULL attacks in browsers). There's also the neat SSLStrip [thoughtcrime.org] that transforms a HTTPS transaction down to an HTTP one.

They work by ARP spoofing right now, and if you combine with the IE WPAD (w

They aren't generally considered "attacks"; because they are conducted by the owners of the hardware and the connection; but a nontrivial percentage of the sorts of proxy servers commonly sitting between a corporate/institutional LAN and the hostile wide world of the internet are at least capable of such, if not configured for it. Since the corporation owns the computers, pushing their internal CA as trusted into client browsers is a trivial matter, which allows their web proxy to preserve the client machi

It's a great moment to protest against government espionage. Everyone in the west will agree on protesting chinese espionage, but it will indirectly call attention to western government practices too. Implementing protests in Chinese text does pose some interesting technical and language problems....

Wiretapping at the ISP level isn't so convenient when the ISP is outside your jurisdiction. Some of the people attacked were based in Taiwan and the US. Also journalists often move around, so you might have to attack many ISPs in order to gain access. In this case it just makes more sense for the Chinese to attack webmail accounts.

Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?

Why would you need to when the e-mail hosts have so thoughtfully buried an auto-forwarding function on a settings page that no one ever checks?

"Free" e-mail has generally only improved in quality over the last decade, but that one move was incredibly boneheaded.Every time I log in, the first thing I should see is "Your E-Mail Is Forwarded To: [No Where/Address]".Anything else is just pure gold for malicious actors.

China is a totalitarian state. Has been since 1949. What free trade has done is to make it a rich totalitarian state instead of a poor one. I never understood the argument that capitalism would lead to anything like democracy. Democracy [usually] leads to at least some level of capitalist/free-enterprise economy, but not the other way around.

I never understood the argument that capitalism would lead to anything like democracy.

The reason you can't understand that argument is that it's complete BS. It was created to try to convince Americans that the reason our government is making it extremely easy to trade with China is to spread democracy, not increase corporate profits at the expense of American workers' careers.

And historically at least, the system of government best suited to corporate profits is not democracy, but fascist-leaning dictatorships. That's true whether we're talking about Mussolini, Hitler, Franco, Pinochet, or Batista.

I never understood the argument that capitalism would lead to anything like democracy.

The reason you can't understand that argument is that it's complete BS.

Indeed. Democracy is a form of voting, representation, social organization of people, citizens, governments. Capitalism, as well as socialism, are mostly organizing methods for distributing money, finances, and perhaps labor and goods. No actual relation to government organization. Of course money and politics are related, but I think they are still separate segments and entities. Government and finance are inter-related to health care, education, media, technology and a bunch of things too, but not inse

False flag operations [wikipedia.org] "False flag operations are covert operations which are designed to deceive the public in such a way that the operations appear as though they are being carried out by other entities. The name is derived from the military concept of flying false colors; that is, flying the flag of a country other than one's own. False flag operations are not limited to war and counter-insurgency operations, and have been used in peace-time; for example during Italy's strategy of tension."...

And historically at least, the system of government best suited to corporate profits is not democracy, but fascist-leaning dictatorships. That's true whether we're talking about Mussolini, Hitler, Franco, Pinochet, or Batista.

Uh, what? If you mean that having a rather militarist government is good if you're a corporation in the arms industry, then yes. But why the hell would an arbitrary corporation prefer having the laws change at the pleasure of a demagogue who may or may not like them instead of having an easily "lobbied"/bribed legislature?

But why the hell would an arbitrary corporation prefer having the laws change at the pleasure of a demagogue who may or may not like them instead of having an easily "lobbied"/bribed legislature?

Because bribing 1 despot is cheaper and easier than bribing the 300 or so congresscritters/MPs needed to get a majority. Plus you do so much work to buy off particular politicians, and then the pesky public votes for someone else and you need to start over again.

Perhaps you need a history course. Historically, Mussolini, Hitler, and Franco drew their countries into ruinous wars, which are very hard on corporate profits. Batista so weakened his government that it was taken over by communists who nationalized everything. Corporations hate that.

Saying that the system of government best suited to corporate profits is a fascist-leaning dictatorship is like saying Bernie Madoff will get you the best return on your investment. It is sometimes true in the short term, b

Saying that the system of government best suited to corporate profits is a fascist-leaning dictatorship is like saying Bernie Madoff will get you the best return on your investment. It is sometimes true in the short term, but in the long term it is very, very false.

That would be relevant, if only people and corporations had the foresight to pay attention to anything more than the Next Big Thing. The lack of any sort of a long view and the attitude that what is best for right now is always the right choice are both almost ubiquitous in our culture and are detrimental to society in many cases.

If we're talking companies based in the countries that lose the war, then you'd be correct. But in a lot of cases (including those in the 1930's and 40's) we're talking about outside multinationals, who can move their capital quite easily from one country to another. Ergo they can and will play they short-term gain in, say, Spain, then head to Germany for a decade, then to Argentina, and so on.

It's remarkably similar to investments in fundamentally unsound securities. The idea is to make a bundle while ever

Well the claim that Mussolini, Hitler etc were economically successful was of course put out by the propaganda of these dictatorships. However after the war Germany certainly did very well as a democracy with a market economy, going from an utterly destroyed country to being the world's biggest exporter (see Wirtschaftwunder [wikipedia.org]).

The reason you can't understand that argument is that it's complete BS.

Actually it's not. The reasoning behind the argument is that it's happened in a number of other countries, for example, south Korea, Taiwan, and El Salvador. Once people hit a certain level of wealth and comfort, they seem to demand more power in their government. There has been some effort to determine what level of wealth that is exactly, but to come up with a good number, we would need to run more experiments. That isn't very practical for obvious reasons.

I don't understand it either, mainly because I think the climate in China is closer to free market capitalism than the climate in the US. In relative terms China is a capitalist utopia, particularly from a producer's perspective.

China has endless standards and regulations.They're just generally not aimed at improving health and safety.IIRC, a recent Time Magazine article said China releases more rule/regulation changes every year than the rest of the world combined.

The argument is that capitalism would increase the general wealth of the nation. As wealth increased, living standards would increase. As living standards increased, a middle class would form. And that it would be that middle class that would lead the push for democracy and freedom.

Of course, this ignores the fact that stable democracies have, historically, been formed by pushes from an aristocratic regime focused on ensuring property rights and liberty for as many people as possible. Athens, Rome, Iceland,

To some degree I agree with you. I have more knowledge of Industrial England than of Rome (though there was a pretty major civil war between the Plebs and the Proles that lead to an expansion of the aristocracy there). In England, at least, the people had the good fortune of a number of historical trends lining up at the same time; labor shortages at the tail end of the Middle Ages (after the Black Death) which saw a sharp increase in demand for workers, the beginnings of a free market economy being estab

I never understood the argument that capitalism would lead to anything like democracy. Democracy [usually] leads to at least some level of capitalist/free-enterprise economy, but not the other way around.

There's some evidence for it: Chile, South Korea, and Taiwan are examples of countries that went from right-wing, capitalist dictatorships to democracies. The idea is that capitalism allows individuals to build wealth and make large investments (e.g., factories). Then, they have something to lose in the pol

It doesn't always work out, but having a middle class helps, also because they have time, skills, and money to spend on politics.

China is the great experiment. It's been a given since the the English Civil War that a middle and mercantile classes will demand, and will ultimately take a greater share of the political system. I posit that the Chinese leadership is hoping to accomplish the creation of a thriving middle class without any great increase in political liberties. Will the experiment work? Hard to say. Damned scary if it does, that's for sure.

Reminds me of all those emails I get from the head of the International Bank of Nigeria who somehow has to use hotmail/gmail/yahoo mail. Or how the "British National Lottery" also can't afford it's own mail server.

Seriously, "journalists" can't use anything but yahoo? Or even if they were limited to yahoo - they can't encrypt their email?

I suspect these "journalists" are just some "random group of people" and that the story is just more hype.

well Journalists arn't normaly that techie (even 99% of the technology ones) and for and for on the move journalist a webmail system does have a lot of advantages. And an ISP in china would probaly allow the security services to access their data where an external system like yahoo might require at least some form of due process.

You do wonder if who ever is doing thease sorts of hacks has thier own agenda certaily it would make sense for the PRC's security people to pull their horns in at the moment.

well Journalists arn't normaly that techie (even 99% of the technology ones) and for and for on the move journalist a webmail system does have a lot of advantages.

Neglecting the spelling and grammar which you should be ashamed of, the use of a convenient webmail system does not preclude the use of encryption outside the webmail system. Viz : on your laptop, you write your super-secret email ; you then run it through your encryption package to produce a blob of data ; you then use your webmail account to tr

If dyslexia is a real complaint (not proven), that's even less excuse to not use the readily available tools to assist controlling it. That is rather like someone who knows that they're short-sighted complaining about other drivers not driving closely enough to be seen.

kicked in

I've never heard anyone claiming that dyslexia is an intermittent complaint.

A lot of freelance journalists use google and yahoo, as do many people who have professional mail accounts, but prefer to conduct private and/or personal business using a 'free' provider. Do you really want a confidential source in China to risk sending info to *@nytimes.etc?

I dont believe that the hardware you are writing from is not made in China.They have the greatest power of all: economic power.What if, some day, China stops exporting goods? The whole economy would hang, while China will still be self sufficient. Yes, they too would be hit stopping the economy cycle, but being foreseen I'm quite sure they could handle it much better than any other country.

This is all the more reason to actively avoid their product; so that we can make it profitable for other countries to take up the production of items that only seem to sell at the lowest price point possible. It may cost us a little today but in the long run we won't be so attached to one provider that we have to put up with their abusive nature if we need to "cut the cord."

People seem to think of China as this troublesome country that does whatever it wants and that nothing can be done about it. This is simply not true.

China is actually more dependent on US and EU than the other way around. They devote most resources to the production of products that need to be mandatorily exported as the the chinese masses cannot afford them.

Corporations and states seem to ignore the blatant anti-freemarket and anti-freedom-speech-policies because of the el-dorado of the

It takes a while to figure out how it works, but I just searched for a DVD Recorder (TARIC CODE = 8521900090) and the import duty was 13.9%. Here is the result for non-magnetic tape video recording apparatus:

The quickest way to sort out the human rights situation in China is to create a population with enough of a stake in society for it to be worth standing up and be counted. Free speech means very little when you're on the breadline. Even if your boycott had any meaningful effect, it would just make government repression easier, not harder - and China is quite easily big enough to run a closed economy if it wanted to.

The quickest way to sort out the human rights situation in China is to create a population with enough of a stake in society for it to be worth standing up and be counted.

Actually, the booming economy has undeniably lessened the popular unrest of the 80s, and the government sees it as necessary to ensure a continuously growing economy, to maintain their power over the people.

Almost every example in history of government overthrow is one of peoples being repressed and suffering. Keeping them fat and happy t

I wear SAS (San Antonio Shoes, made here in Texas). Their style is undoubtedly old-school (I'd guesstimate that 1/3 of the fellow customers I see in there are near- or post-retirement-age, though they're trying to remedy that somewhat with new products), but they're extremely comfy and the sales staff (they have outlets here in Austin) knows their stuff.

Unfortunately, decades of corporate dominance in the western world have made an embargo of China pretty much impossible. Any country that tried this would face economic collapse (even the whole EU united probably couldn't pull it off). Very little in the way of manufactured goods is still made or exporting outside of Asia (mostly China). Boycotting them would mean having to recreate from scratch the entire manufacturing base of your country and having to completely redefine modern retail (no more Walmarts o

Indeed, but "Made in China" often actually means "Assembled in China". Our global economy often makes your decision difficult. For example, according to this article, What the iPod tells us about Britain's economic future [telegraph.co.uk], out of the $190 captured value for every iPod (made in China) sold in the US, China actually only earns $4. The rest of the captured value goes to countries where the retailer, product developer and high value component manufacturers

I try the best I can to buy American made products - or failing that products made in countries that have fair treatment of their employees, but I know for a fact you typed that message on a machine that has at least one Chinese component in it.

Even my Pegasos II (which was made in Germany) has some chips on it that were manufactured in China.

Its more than just supporting communism. With the amount of production being sent to China, it is eroding the economies of the western world, putting our own people out of work.... and making us adherent to what ever the Chinese government demands.

- for 20 years now malware targets mostly DOS/Windows, yet these guys still use exactly that- the main vector of malware coming in is via e-mail attachments, yet these guys keep clicking on them- signed e-mails and attachments would make reception thereof fairly safe, yet these guys have no idea about it- nevermind encryption, cause why would these guys be responsible towards their sources- etc.pp.

So I'd say....TOLD YOU SO....but then these guys probably would feign complete ignorance and amazement over the

Coming to think of it...does anybody have additional information on how the Tibetan's now deal with things in the aftermath of Ghostnet? WOuld love to know if they wised up/got support to use e-mail authentication/encryption and generally beefed up security....

for 20 years now malware targets mostly DOS/Windows, yet these guys still use exactly that

Like everyone else on the planet. Not that it matters whether you access webmail via Linux or via Windows.

the main vector of malware coming in is via e-mail attachments, yet these guys keep clicking on them

Webmail cracked - that's almost certainly not clicking-on-attachments territory, more likely poor password choice. Access to company servers from the inside (employees collaborating with the attackers) is another possible path of attack.

signed e-mails and attachments would make reception thereof fairly safe, yet these guys have no idea about it

Works only on a node-to-node basis. If their contact doesn't have the tools, then they can't use it. Same applies to encryption obviously. Is PGP freely available in China? How long till the government detects that you are using PGP and takes you in for questioning solely based on that fact?

but then these guys probably would feign complete ignorance and amazement over the fact, that especially the totalitarian governments of the world don't exactly work with white gloves

If the Chinese government attacks western computer systems, that's news. It might require a political response, that should be in the public discussion. Regardless, it's certainly worth reporting.

...don't give a shit about your self-aggrandized ego of 'a journalist' and the hallowed freedom of press

Freedom of the press is vital for my freedom and for yours. I think your disdain is completely inappropriate here.

How long till the government detects that you are using PGP and takes you in for questioning solely based on that fact?

That's immensely nonsensical. If the government can detect that you are using PGP, they can damn well read the full text of your e-mails, and find out the much more incriminating information therein. You might as well run around in a war-zone without a bullet-proof vest, because people shooting at you just might notice you

With reports like "Yahoo 'helped jail China writer'" in 2005... would most people with any public or private interest in China stay with Yahoo's products in any form after its "complicity" over the past years?http://news.bbc.co.uk/2/hi/4221538.stm [bbc.co.uk]

I think I probably wrote the same thing when news of the GMail hacking allegations came out: Who is dumb enough to use a public webmail service for confidential email? Don't they have access to any good advice? Training? Or just think it through a little -- does Yahoo Mail seem like a secure place to store sensitive data?

Yeah, real journalists use their ISP's webmail (*cough*), their own servers (which can be confiscated) or their friends (also confiscateable). Then you have the possibility of offshore email accounts on an american friend's server (which will get blocked). At least when using webmail, the others have to either break in the servers (like they did in TFA) or subpoena them (which I don't see the Chinese govt. do tbh).